SECRET != SECURE First of all, I apologize for my english, please, send blames to mep@/dev/null, smart emails, ideas, improvements and so to mephystos@virsoft.com DISCLAIMER: This tool is for educational purposes, I don't recoment to use it for nothing ilegall. I decline any responsability for any illegal use of it. I'm tired to say everybody that when something is secret it doens't mean it is secure. Soon or later, somebody will discover it. Lately, I'm every day telling the people in my company to clean the shit the development department drop in the public area of the Web. I'm every day trying to discover new directories and new shit the people forget into them. In fact, yesterday, I was testing some directories in some webs, and I discovered a lot of shit in them too (databases, test files...) . As far as I know, it's a general problem and this utility may help to audit some systems. Even more, there are many people that let their directories be browseable (big error in my opinion). So, I decided to automatize the task. I have recopiled a lot of common names of directories, and the program (in perl, and the mayor part were ripped from qhttp, in fact, I added only a few lines) it's ugly (my implementation), but functional. You can add your own directories in the browsing.cfg file, and the result will be writen in result.txt. There are many improvements you can do, for example support for HTTPS, or maybe drawing a tree, or recursive directories search, and so on... the sintaxis is: perl busca_browsing.pl get http://www.microsoft.com Or perl busca_browsing.pl get http://www.microsoft.com/iis etc....(got the idea?) Download it from here: browsing.tgz Enjoy. Juan Ramon Lehmann